Learning Outcomes
By the end of this article, you will be able to identify which non-audit services are fully prohibited for audit clients and explain the reasons. You will assess threats arising from permissible services, apply the threat–safeguard model, and classify threat types. You will also be able to describe and recommend effective ethical safeguards to maintain auditor independence, and apply these principles in exam scenarios.
ACCA Audit and Assurance (AA) Syllabus
For ACCA Audit and Assurance (AA), you are required to understand the restrictions and risks associated with non-audit services. You must be able to:
- Explain the types and sources of threats to objectivity and independence when auditors provide non-audit services to audit clients.
- Identify which non-audit services are prohibited for listed and non-listed clients, and why.
- Assess the significance of threats and determine suitable safeguards in line with the ACCA Code of Ethics and Conduct.
- Apply the conceptual framework to identify, assess, and respond to ethical threats arising from non-audit services.
- Recognise the role of the audit committee and ethical standards in monitoring the provision of non-audit services.
- Recommend appropriate audit firm responses to common exam scenarios involving threats from non-audit services.
Test Your Knowledge
Attempt these questions before reading this article. If you find some difficult or cannot remember the answers, remember to look more closely at that area during your revision.
-
Which of the following services is strictly prohibited for an auditor to provide to a listed audit client?
- Routine payroll processing
- Internal audit relating to financial accounting systems
- Tax return filing
- Advisory on legal compliance
-
Match each type of threat with the corresponding non-audit service scenario:
i) Auditor calculates client’s tax accrual for the audited financial statements ⟶ **__**
ii) Auditor assists in recruiting the client’s CFO ⟶ **__**
Options:
A. Self-review threat
B. Familiarity threat -
True or false? Providing IT system design services to a non-listed client is always prohibited for the external auditor.
-
List two safeguards an audit firm should implement when permitted non-audit services could create a threat to independence.
Introduction
Auditors are sometimes engaged to provide services beyond the financial statement audit, known as non-audit services. While some services are allowed under strict conditions, others are prohibited in order to protect independence and objectivity, essential to the reliability of the audit opinion.
The ACCA Code of Ethics and Conduct, along with national ethical standards, establishes a framework for identifying, evaluating, and responding to the threats arising from the provision of non-audit services to audit clients.
Key Term: non-audit services
Professional services provided to an audit client by the audit firm that are not part of the audit of the financial statements, such as tax, internal audit, IT, and advisory services.
Threats to Independence from Non-audit Services
Non-audit services may create threats to the auditor’s independence. The main threats relevant to non-audit service provision are:
Key Term: self-review threat
The threat that the auditor will not appropriately evaluate the results of a previous judgement made, or service performed, by the firm when forming a conclusion as part of the current audit.Key Term: advocacy threat
The threat that the auditor will advocate for the client’s position, compromising impartiality or perceived independence.Key Term: familiarity threat
The threat that close or longstanding relationships with the client will result in excessive trust or acceptance of information.Key Term: self-interest threat
The risk that financial or other personal interests could unduly influence the auditor’s judgement or behaviour.Key Term: intimidation threat
The threat that the auditor will be deterred from acting objectively due to actual or perceived pressures from the client.
Prohibited Non-audit Services
Certain non-audit services are completely prohibited for public interest entities (PIEs), such as listed companies, to avoid significant threats to independence that cannot be reduced to an acceptable level by safeguards.
Commonly prohibited services include:
| Service | Reason for Prohibition (Threat) |
|---|---|
| Preparation of accounting records/FS | Self-review |
| Internal audit over financial systems* | Self-review/familiarity |
| IT system design or implementation** | Self-review |
| Valuation services (if material) | Self-review |
| Tax calculations used in FS^ | Self-review |
| Legal services relating to litigation^ | Self-review/advocacy |
| Acting as management or decision maker | Management participation (various) |
* if relating to internal controls over financial reporting
** if the system forms a significant part of financial reporting controls
^ if material to the audit or affecting audited balances
Key Term: prohibited non-audit services
Non-audit services that the auditor is strictly forbidden from providing to an audit client under ethical standards because they create unacceptable threats to independence.
Non-listed clients are subject to similar, but sometimes less stringent, rules. However, any non-audit service that creates a threat to independence which cannot be eliminated or reduced to an acceptable level must not be provided.
Worked Example 1.1
A listed audit client asks its external auditor to redesign and implement its sales and inventory IT system, which will generate revenue figures in the financial statements.
Question: Should the audit firm accept this engagement?
Answer:
No. Designing or implementing IT systems that form a significant part of the internal controls over financial reporting is a prohibited service for PIEs. The self-review threat cannot be eliminated or reduced to an acceptable level.
Exam Warning
Confusion arises when distinguishing between routine, mechanical tasks (sometimes permitted) and any service requiring professional judgement, which is likely to be prohibited. Always check the significance of the service and whether it affects figures or controls audited by the firm.
Assessing Threats from Permitted Non-audit Services
For permitted non-audit services, the auditor must perform a threat assessment before accepting the work:
- Identify the potential threats (see Key Terms).
- Evaluate significance—is the threat at an acceptable level?
- Apply safeguards if needed (see next section).
- Refuse or discontinue the service if threats cannot be managed.
Common services that may be permitted but need threat assessment include:
- Tax return preparation (routine, mechanical only)
- Preparation of financial statements based on client-approved TB
- Payroll services
- Certain advisory work where management makes all decisions
Services involving significant judgements, estimates, or decisions are usually not permitted due to self-review or management participation threats.
Worked Example 1.2
An audit firm is asked by a non-listed client to prepare the year-end tax return using numbers based on the signed trial balance. The client reviews and approves the return before submission.
Question: What threats arise, and are safeguards possible?
Answer:
A self-review threat arises, but as the work is routine, mechanical, and the client takes responsibility, safeguards such as separate teams and independent review can reduce the threat to an acceptable level.
Safeguards Against Threats
Key Term: safeguards
Actions or measures taken by the audit firm to eliminate an identified threat to independence, or reduce it to an acceptable level.
Common safeguards include:
- Using staff with no audit involvement to perform the non-audit service.
- Having the service work reviewed by a partner or staff not involved with the audit.
- Disclosing non-audit fees to those charged with governance (e.g. the audit committee).
- Consulting with an external expert or regulator if necessary.
Worked Example 1.3
A non-listed audit client requests the firm’s assistance with recruiting a new CFO. The audit firm will only perform candidate screening; the client will make all final decisions.
Question: Is this acceptable and what safeguards are needed?
Answer:
A familiarity threat may arise (especially if the auditor develops close relationships with candidates or client staff). Safeguards such as limiting the firm’s role to reviewing qualifications, using separate staff, and not participating in decision-making are essential.
The Role of Those Charged with Governance
Audit committees, where present, are responsible for evaluating and approving any non-audit services. They must ensure that auditor independence is maintained by monitoring all additional services and related fees.
Key Term: audit committee
A subcommittee of a company’s board, primarily responsible for oversight of the external audit, including pre-approving non-audit services and monitoring auditor independence.
Summary Table: Prohibited vs Permitted Non-audit Services
| Service Type | PIEs (e.g. Listed) | Non-Listed Entities |
|---|---|---|
| Preparation of accounting records | Prohibited | Only routine/mechanical, strict safeguards |
| Internal audit (FS controls) | Prohibited | Threat assessment, heavy safeguards |
| IT system implementation | Prohibited | Threat assessment, heavy safeguards |
| Tax return preparation (routine) | Allowed, with safeguards | Allowed, with safeguards |
| Valuation services (material) | Prohibited | Threat assessment |
| Management role (any) | Prohibited | Prohibited |
Summary
Non-audit services can create serious threats to auditor independence—especially self-review, advocacy, and familiarity threats. Certain non-audit services are completely prohibited for PIEs to remove unacceptable risks. For other services, threats must be carefully assessed, and effective safeguards applied. The audit committee plays a central role in monitoring and approving these services, ensuring continued confidence in the audit opinion.
Key Point Checklist
This article has covered the following key knowledge points:
- Prohibited non-audit services for audit clients and why they are banned.
- Different types of threats to independence and how they arise.
- The process for threat assessment and the requirement to apply safeguards.
- Typical permitted non-audit services and required steps before acceptance.
- The role of audit committees in approving non-audit services.
- Use and limitations of safeguards such as independent teams and reviews.
Key Terms and Concepts
- non-audit services
- self-review threat
- advocacy threat
- familiarity threat
- self-interest threat
- intimidation threat
- prohibited non-audit services
- safeguards
- audit committee